Internal Audit Report 2022-018

Riverside County Sheriff-Coroner

Department Audit

Report Date: July 12, 2022

Office of Paul Angulo, CPA, MA

Riverside County Auditor-Controller
4080 Lemon Street, 11th Floor
Riverside, CA 92509
(951) 955-3800

www.auditorcontroller.org
 COUNTY OF RIVERSIDE
OFFICE OF THE
AUDITOR-CONTROLLER

County Administrative Center

4080 Lemon Street, 11th Floor
P.O. Box 1326 Paul Angulo, CPA, MA
Riverside, CA 92502-1326 Riverside County Auditor-Controller
(951) 955-3800
Fax (951) 955-3802 Tanya S. Harris, DPA, CPA
Assistant Auditor-Controller

July 12, 2022

Sheriff Bianco
Sheriff-Coroner
Riverside County Sheriff-Coroner Department
4095 Lemon St, 2nd Floor
Riverside, CA 92501

Subject: Internal Audit Report 2022-018: Riverside County Sheriff-Coroner

Department Audit

Dear Sheriff Bianco:

In accordance with Board of Supervisors Resolution 83-338, we audited the Riverside

County Sheriff-Coroner Department to provide management and the Board of
Supervisors with an independent assessment of internal controls over cash accounts held
outside of the Treasury, complaint process, inventory management – armory room,
software access rights, and purchasing processes.

We conducted our audit in accordance with the International Standards for the
Professional Practice of Internal Auditing. These standards require that we plan and
perform the audit to obtain sufficient, reliable, relevant and useful information to
provide reasonable assurance that our objective as described above is achieved. An
internal audit includes the systematic analysis of information to evaluate and improve
the effectiveness of internal controls. We believe this audit provides a reasonable basis
for our conclusion.

Internal controls are processes designed to provide management reasonable assurance

of achieving efficiency of operations, compliance with laws and regulations, and
reliability of financial and non-financial information. Management is responsible for
establishing and maintaining adequate internal controls. Our responsibility is to
evaluate the internal controls.
 Internal Audit Report 2022-018: Riverside County Sheriff-Coroner Department Audit

Our conclusion and details of our audit are documented in the body of this audit report.
As requested, in accordance with paragraph III.C of the Board of Supervisors
Resolution 83-338, we asked management to provide a response to our audit findings
and recommendations. However, a response was not submitted and therefore not
included in this report. We will follow-up to verify that management implemented the
corrective actions.

Paul Angulo, CPA, MA

Riverside County Auditor-Controller

By: René Casillas, CPA, CRMA

Chief Internal Auditor

cc: Board of Supervisors

Jeff A. Van Wagenen, Jr., County Executive Officer
Dave Rogers, Chief Administrative Officer
Grand Jury

Page 2
Internal Audit Report 2022-018: Riverside County Sheriff-Coroner Department Audit

Table of Contents

Page

Executive Summary ................................................................................................................ 4

Results:

Cash Accounts Held Outside of the Treasury ..................................................................... 8

Inventory Management – Armory Room .......................................................................... 11

Software Access Rights ......................................................................................................... 14

Purchasing Processes ............................................................................................................. 17

Page 3
Internal Audit Report 2022-018: Riverside County Sheriff-Coroner Department Audit

Executive Summary

Overview

Riverside County Sheriff-Coroner Department (Sheriff Department) is responsible for

providing “24/7 uniformed response to calls for service from the public in the
unincorporated county areas” as well as “operate a countywide jail system that serves
all local agencies, provide court security and service of court processes and orders and
to perform Coroner – Public Administrator functions pursuant to California law.” To
provide these services, the Sheriff Department budget is $898 million and there are
4,970 authorized positions (County of Riverside, Fiscal Year 2021-22, Adopted Budget,
Volume 1, 273-274).

Audit Objective

Our objective is to provide management and the Board of Supervisors with an

independent assessment about the adequacy and effectiveness of internal controls over
cash accounts held outside of the Treasury, complaint process, inventory management –
armory room, software access rights, and purchasing processes. Internal controls are
processes designed to provide management reasonable assurance of achieving
efficiency of operations, compliance with laws and regulations, and reliability of
financial and non-financial information. Reasonable assurance recognizes internal
controls have inherent limitations, including cost, mistakes, and intentional efforts to
bypass internal controls.

Audit Scope and Methodology

We conducted the audit from January 21, 2022, through June 9, 2022, for operations
from July 1, 2020, through May 25, 2022. Following a risk-based approach, our scope
included the following:

• Cash Accounts Held Outside of the Treasury

• Complaint Process
• Inventory Management – Armory Room
• Software Access Rights
• Purchasing Processes

Page 4
Internal Audit Report 2022-018: Riverside County Sheriff-Coroner Department Audit

Audit Highlights

Summary of Existing Conditions

The risk areas the current processes are unable to mitigate are the following:

• Opening and closing of bank accounts held outside of the Treasury has been
delegated to individual station or bureau captains. Some of these are opened without
prior authorization or knowledge by the Administrative Services Division. Having a
decentralized process to manage the approval, opening, and closing of bank accounts
increases the risk of asset misappropriation.

• Cash account reconciliations are not being performed timely and reconciliations
performed lack audit documentation showing the preparer, review, and approval.
Additionally, the department does not have a formal policy in place to guide their
personnel on how to properly manage these accounts. Lack of controls over these bank
accounts leave the department susceptible to misuse or misappropriation.

• Items maintained in their armory inventory are not being reported to the Auditor-
Controller’s Office during the year end reporting process. The accounting and reporting
guidelines are not followed and financial records and reporting obligations are non-
compliant.

• Armory Room inventory did not always match the item quantities listed in the
internal count sheets. An inventory system that tracks inventory in real time creates an
efficient manner to account for inventory.

• Key inventory management functions over ammunition and firearms did not have
adequate segregation of duties. This increases the risk of inaccurate inventory listings
and misappropriation of items.

• Terminated employees’ access rights to critical systems linked to active directory

were not disabled timely. When an account is not closed immediately after employment
has ended, there is a security risk to the information maintained in the systems used by
the department.

• Critical systems not linked to active directory and requiring manual deactivation
were not deactivated after employee separated from department. When an account is
not deactivated upon separation, the credentials for the individual remain active and
usable. If an unauthorized individual were to obtain a terminated employee’s
credentials, there is a security risk to the data stored within the system.

Page 5
Internal Audit Report 2022-018: Riverside County Sheriff-Coroner Department Audit

• Split purchases were identified in multiple purchase orders. Splitting purchase

orders circumvents requisitions and approving controls put in place to ensure
compliance with county purchasing policies and mitigates risks of inappropriate
purchasing practices.

Summary of Improvement Opportunities

The major improvement opportunities are in the following areas:

• Establish a centralized procedure which requires individual stations or bureaus to

request the opening or closing of bank accounts from centralized accounting.

• Ensure there are adequate segregation of duties over the opening and closing of
accounts held outside of the Treasury

• Develop policies and procedures that ensure bank reconciliations for the accounts
held outside of the Treasury are adequately reviewed and approved to maintain
compliance with the Standard Practice Manual 1001, Internal Control.

• Ensure staff is adequately trained and adhering to the process that ensures bank
reconciliations for the accounts held outside of the Treasury are adequately reviewed
and approved to maintain compliance with the Standard Practice Manual 1001, Internal
Control.

• Use an inventory management system such as Service Now, that tracks, maintains,
and updates inventory counts in real time to ensure that counts are accurate and
facilitate the year-end reporting processes in accordance with Standard Practice Manual
801, Inventory of Materials and Supplies.

• Ensure physical inventory counts are periodically conducted and documentation of

the counts, their review, and approval is maintained.

• Ensure there are adequate segregation of duties for handling, tracking, and
recording inventory items or develop compensating controls to monitor inventory
items.

• Ensure the department is disabling active directory accounts on the day of an

employee’s termination or transfer from the department as required by County of
Riverside Information Security Standard v1.0, Section 4.1, Account and Access
Management.

Page 6
Internal Audit Report 2022-018: Riverside County Sheriff-Coroner Department Audit

• Establish policies and procedures for the immediate disabling of user access rights
for terminated or transferred employee in accordance with County of Riverside
Information Security Standard v1.0, Section 4.1, Account and Access Management.

• Implement a process/procedure to ensure that systems that are not linked to active
directory have a completed manual deactivation and verification that the individual no
longer appears on an active user listing.

• Develop a process to maintain compliance with purchasing authority limitations set

forth in the Riverside County Purchasing Policy Manual.

• Ensure personnel with purchasing responsibilities are trained on the Riverside

County Purchasing Policy Manual and track their completion.

Audit Conclusion

We are not able to provide results on one of the five areas included in our audit scope.
The Sheriff Department denied us the ability to evaluate the internal controls over the
complaint processes against their own internal procedures with their refusal to provide
us any information. Our objective was not only to validate department personnel are
following policies and procedures, but also validate the department is achieving the
objectives of the policies and reporting some of these complaints as intended in the
transparency section of the Sheriff’s website.

We were able to identify opportunities for improvement of internal controls relating to

cash accounts held outside of the Treasury, inventory management – armory room,
software access rights, and purchasing processes.

Page 7
Internal Audit Report 2022-018: Riverside County Sheriff-Coroner Department Audit

Cash Accounts Held Outside of the Treasury

Background

The Sheriff Department holds 41 bank accounts outside of the Riverside County
Treasury. The purpose of these accounts is for various reasons which include bail and
fines, CDs, civil monies, community services, corrections special events, emergency
funds, estate funds, evidence, explorer post, gang task force, homeless outreach,
indigent transportation, inmate trust funds, money market, and unclaimed money. Each
account is maintained by the individual station/bureau. The amount within these
accounts varies.

Standard Practice Manual 607, To Establish and Maintain Checking Accounts Outside the
County Treasury, states that it is the responsibility of the “assigned trustor to each bank
account …[to] ensure compliance with the policies and procedures, [perform] timely
reconciliations of bank accounts, [ensure] adequate segregation of duties regarding the
administration of the account, [monitor] the continued need or appropriate structure for
such accounts, and [determine] other oversight requirements as appropriate”.

Objective

To verify the existence and adequacy of controls over Sheriff Department bank accounts
held outside of the Treasury.

Audit Methodology

To accomplish these objectives, we:

• Obtained an understanding of departmental processes and procedures.

• Interviewed key personnel and obtained an overview of the bank accounts held
outside of the Treasury.

• Obtained a listing of all accounts held outside of the Treasury from the department
and compared to the list of accounts from Auditor-Controller’s Office.

• Selected a sample of 5 bank accounts and obtained bank reconciliations for review
months.

Page 8
Internal Audit Report 2022-018: Riverside County Sheriff-Coroner Department Audit

• Analyzed the review, approval, and reconciliation process for the accounts selected.

Finding 1: Department Oversight of Accounts Held Outside of the Treasury

Individual stations and bureaus have the authority to open bank accounts held outside
of the Treasury without prior knowledge and approval of the Administrative Services
Division. The Administrative Services Division is reliant on self-reporting of the
individual stations or bureaus to report any accounts that have been opened or closed
during the year. This reporting does not occur immediately to the division and at times
happens until the end of the fiscal year. This leads to inadequate oversight since
consistent performance and review of bank reconciliations and oversight of bank
account activity is not ensured. California Government Code 13401 (a)(1) states, "active
oversight processes, including regular and ongoing monitoring processes, for the
prevention and early detection of ... errors in program administration are vital to public
confidence and the appropriate and efficient use of public resources." Standard Practice
Manual 1001, Internal Controls, states, “duties are divided or segregated so that no one
person has complete control over a key function or activity.” The department has
delegated the authority of the opening and closing of accounts to each individual
station or bureau captain. Implementing adequate oversight with internal controls and
a centralized approval process to open bank accounts held outside the Treasury, can
help mitigate the risk of asset misappropriation.

Recommendation 1.1

Establish a procedure centralizing at the Administrative Services Division the approval,

opening, and closing of all bank accounts.

Recommendation 1.2

Ensure there are adequate segregation of duties over the opening and closing of
accounts held outside of the Treasury.

Finding 2: Effective Internal Controls

Based on our review of the bank accounts held outside of the Treasury, we identified
the following:

• The Sheriff Department does not currently have policies and procedures in place
over the management of bank accounts held outside the Treasury.

Page 9
Internal Audit Report 2022-018: Riverside County Sheriff-Coroner Department Audit

• Eight (53%) out of 15 bank accounts reviewed were missing the following key
elements:

• Two bank accounts reviewed were not reconciled timely. One had a delay of 69
days and the other had a delay of 90 days.

• Six reconciliations lacked the signature and date of when it was prepared and/or
when it was reviewed. For three of the six, we were unable to determine the
timeliness of the reconciliation completion.

Standard Practice Manual 1001, Internal Control states that, to maintain an effective
system of internal control, "well-documented policies and procedures are established
and maintained to promote employee understanding of job duties, provide day-to-day
guidance to staff and help ensure continuity during employee absences or turnover."
SPM 1001, Internal Control also states, "records are routinely examined and reconciled to
determine that transactions were properly processed." Additionally, Standard Practice
Manual 607, To Establish and Maintain Checking Accounts Outside the County Treasury
states that it is the responsibility of the “assigned trustor to each bank account …[to]
ensure compliance with the policies and procedures [and perform] timely
reconciliations of bank accounts…” The department does not have formal policies and
procedures for managing bank accounts held outside of the Treasury. Adequate
internal controls reduce the risk of errors, misappropriation of assets, and acts of
unauthorized activities.

Recommendation 2.1

Develop policies and procedures that ensure bank reconciliations for the accounts held
outside of the Treasury are adequately reviewed and approved to maintain compliance
with the Standard Practice Manual 1001, Internal Control.

Recommendation 2.2

Ensure staff is adequately trained and adhere to the process that ensures bank
reconciliations for the accounts held outside of the Treasury are adequately reviewed
and approved to maintain compliance with the Standard Practice Manual 1001, Internal
Control.

Page 10
Internal Audit Report 2022-018: Riverside County Sheriff-Coroner Department Audit

Inventory Management – Armory Room

Background

Perpetual inventory is an accounting method of maintaining up to date inventory

records that accurately reflect the level of goods on hand. The ability to accurately count
physical inventory is only one factor that must be considered in improving the
reliability of inventory records. Physical inventory counts are critical in verifying that
inventory exists, and that on-hand balances agree with records. Inaccurate and
unreliable inventory information impairs the county’s ability to (1) know the quantity,
location, condition, and value of assets it owns, (2) safeguard its assets from physical
deterioration, theft, loss, or mismanagement, (3) prevent unnecessary storage and
maintenance costs or purchase of assets already on hand, and (4) determine the full
costs of government programs that use these assets.

The inventory process has three primary areas where duties must be segregated:
physical counting of assets, recording of transactions, and approval of transactions.
Management must ensure that the normal job activities of the person performing the
physical count do not include custodial activities such as receiving, shipping, and
storing physical assets. Personnel recording transactions that affect the on-hand
quantities should not be responsible for the physical custody of the inventory or
approval of adjustments.

A fundamental element of internal control is the segregation of certain key duties. The
basic idea underlying segregation of duties is that no employee or group of employees
have complete control over a key function or activity. In general, the principal
incompatible duties to be segregated are:

• Custody of assets
• Authorization or approval of related transactions affecting those assets
• Recording or reporting of related transactions

Objective

To verify the existence and adequacy of internal controls over Sheriff Department’s
inventories held in armory rooms.

Page 11
Internal Audit Report 2022-018: Riverside County Sheriff-Coroner Department Audit

Audit Methodology

To accomplish these objectives, we:

• Obtained and documented all relevant policies and procedures over armory room
inventory maintenance.

• Interviewed Sheriff Department management and obtained an overview of armory

room inventory operations.

• Obtained an inventory listing of ammunition and firearms and selected a sample of

items to count and observe ensuring items are adequately tracked, counted, and
safeguarded.

• Reviewed supporting documentation for accuracy and segregation of duties.

Finding 3: Armory Room Internal Controls

Based on our review of the armory rooms for three Sheriff Department locations, we
identified the following:

• Reporting requirements of inventory to the Auditor-Controller’s Office through the

year-end reporting process are not being followed as established under Standard
Practice Manual 801, Inventory of Materials and Supplies.

• Twenty (67%) out of 30 items reviewed did not have any supporting documentation
or an auditable trail to support the last time the items were counted or if those counts
were reviewed and approved by a supervisor.

• Inventory items at one of the three locations are maintained on an excel spreadsheet
and are updated when items are received or pulled. This spreadsheet is maintained
solely by one staff member who is responsible for receiving items, pulling, and
updating.

• Four (80%) out of the five inventory items that were counted at one of the locations
did not reconcile to the counts in the internal spreadsheet maintained by personnel.

• One (3%) out of 30 items sampled were not found and no record was maintained to
determine the whereabout of the item.

Page 12
Internal Audit Report 2022-018: Riverside County Sheriff-Coroner Department Audit

Standard Practice Manual 801, Inventory of Materials and Supplies states, departments are
to “maintain segregation of duties, establish written [policies and] procedures, provide
adequate supervision, [perform physical] counts, determine [the] frequency of counts,
and ensure the completeness [and] evaluate the results of the counts.” The policy also
requires approvals for any adjustments and year-end reporting responsibilities. The
department does not have a process in place to adhere to Standard Practice Manual 801,
Inventory of Materials and Supplies. This prevents the Sheriff Department from
adequately assessing needs when planning, preparing, and strategizing for future
inventory purchases, and increases the risk of inaccuracies, theft of items, and misuse of
county resources.

Recommendation 3.1

Use an inventory management system such as Service Now, that tracks, maintains, and
updates inventory counts in real time to ensure that counts are accurate and facilitate
the year-end reporting processes in accordance with Standard Practice Manual 801,
Inventory of Materials and Supplies.

Recommendation 3.2

Ensure physical inventory counts are periodically conducted and documentation of the
counts, their review, and approval is maintained.

Recommendation 3.3

Ensure there are adequate segregation of duties for handling, tracking, and recording
inventory items or develop compensating controls to monitor inventory items.

Page 13
Internal Audit Report 2022-018: Riverside County Sheriff-Coroner Department Audit

Software Access Rights

Background

System access controls within information systems ensure proper confidentiality,

integrity, and availability to the data stored within the system. Authentication is a
control which confirms a user’s identity to provide access to a systems sensitive
information. Sensitive information is any information that must be protected from
unauthorized access to maintain the information security of an organization or an
individual. Authentication is often achieved by using login credentials such as a
username and password. Authentication relies on the presumption that the user is
authorized to use the system and that only the user knows the login credentials to gain
access.

Active directory is a directory service which allows the Sheriff Department Information
Systems (Information Systems) to manage permissions and access to network resources,
and linked data applications utilized by the department. When a user ends employment
with the department, an email is sent to an end of service email group. One of the
recipients of the email group is the Technical Service Bureau who is responsible for
disabling active directory which removes permissions and network access through the
creation of help desk tickets. These help desk tickets contain workflow tasks such as
disabling e-mail accounts, active directory, data/application systems access, badge
access, reclaiming software licenses, and reclaiming any equipment that may have been
issued to an employee. A help desk ticket is not closed until all tasks within have been
completed by Information Systems personnel.

If a system is not linked to active directory, the system access must manually be
removed to ensure the account is disabled.

Objective

To verify the existence and adequacy of internal controls over access for critical
information systems used by Sheriff Department.

Audit Methodology

To accomplish these objectives, we:

Page 14
Internal Audit Report 2022-018: Riverside County Sheriff-Coroner Department Audit

• Obtained an understanding of County of Riverside Information Security Standard

v1.0.

• Interviewed key personnel regarding the department’s employee access termination

processes.

• Obtained a listing of Sheriff Department staff.

• Performed testing on 23 sampled Sheriff Department employees terminated within

the period of the audit.

• Obtained a listing of all critical Sheriff Department software systems and selected a
sample of systems to test.

• Obtained a listing of active users for the systems selected.

• Verified access to systems were disabled.

Finding 4: Timely Termination of Access Rights to Data Applications

Twenty (87%) out of 23 terminated employees did not have their access rights
terminated or disabled within 24 hours of ending employment with the Sheriff
Department. The average time lapsed to disable active directory accounts was 13 days
with the longest time lapsed being 99 days and the shortest being one day.
Additionally, two (9%) out of 23 terminated employees reviewed still had access after
employment ended as of the time of testing (May 2022). County of Riverside
Information Security Standard v1.0, Section 4.1, Account and Access Management, states,
“Accounts for terminated or transferred employees shall be disabled or removed on the
day of termination or transfer.” Sheriff Department does not have written policies and
procedures that detail the process and requirements for deactivating user accounts
when employees end employment with the department. When an account is not closed
immediately after employment has ended, there is a security risk to the information
maintained in the systems used by the department. Given the sensitivity of the
information Sheriff Department maintains in their systems, safeguarding sensitive
information needs to be of high priority.

Recommendation 4.1

Ensure the department is disabling active directory accounts on the day of an

employee’s termination or transfer from the department as required by County of
Riverside Information Security Standard v1.0, Section 4.1, Account and Access
Management.

Page 15
Internal Audit Report 2022-018: Riverside County Sheriff-Coroner Department Audit

Recommendation 4.2

Establish policies and procedures for the immediate disabling of user access rights for
terminated or transferred employee in accordance with County of Riverside
Information Security Standard v1.0, Section 4.1, Account and Access Management.

Finding 5: Access to Systems

We identified 12 (100%) of out of 12 terminated employees continued to have access to

systems not linked to active directory. An application that is not linked must be
manually deactivated. A policy and process is currently not in place to ensure this
manual step is occurring. Standard Practice Manual 1001, Internal Controls, identifies the
need for “well-documented policies and procedures … [to provide guidance to staff on
the day-to-day duties]. When access to a system not linked to active directory is not
manually deactivated, the credentials for the individual remain active and usable. For
information systems that hold sensitive information, access credentials should be
disabled upon termination to mitigate any risk associated with the information
maintained in these systems.

Recommendation 5

Implement a process/procedure to ensure that systems that are not linked to active
directory have a completed manual deactivation and verification that the individual no
longer appears on an active user listing.

Page 16
Internal Audit Report 2022-018: Riverside County Sheriff-Coroner Department Audit

Purchasing Processes

Background

Riverside County Purchasing and Fleet Services Department is responsible for

implementing policies and procedures set forth in the Riverside County Purchasing
Policy Manual (December 31, 2021). The Director of Purchasing is the Purchasing Agent
for Riverside County and can delegate his/her authority to Riverside County staff with
limitations that vary depending on the level of authority granted. See Table A for a
purchasing authority delegation summary:

Table A: Purchasing Authority Delegation Summary

PO's Against PeopleSoft

Position Purchase Order Authority
Contracts
Low Value Purchase
$5,000 per day per vendor $25,000 per day per vendor
Authority (LVPA)
Buyer I $25,000 per day per vendor $100,000 per day per vendor

Buyer II $50,000 per day per vendor $100,000 per day per vendor

Purchasing authority limitations will vary depending on whether purchases are made
against county contracted vendors and non-county contracted vendors. The Purchasing
Policy Manual states, “County staff may be granted LVPA upon successful completion
of LVPO training. LVPA allows departmental staff the ability to issue purchase orders
up to the amount of $5,000 per day per vendor and issues purchase orders up the dollar
value of $25,000 against existing RivCoPro or PeopleSoft contracts.”

Expenditures of $5,000 or greater, require county departments to obtain a minimum of

three written quotes from potential vendors to ensure the best use of taxpayer dollars.
The Purchasing Policy Manual describes the splitting of purchase orders as follows,
“Deliberate attempts to split orders, where the purpose is keeping total cost of each
order down below bid limits, and failure to combine orders when practical for the best
interest of the county in order to circumvent the limitations, is prohibited and may
result in disciplinary actions reduced or suspended purchasing authority.”

Page 17
Internal Audit Report 2022-018: Riverside County Sheriff-Coroner Department Audit

Objective

To verify the existence and adequacy of internal controls over Sheriff Department’s
purchasing processes.

Audit Methodology

To accomplish these objectives, we:

• Obtained an understanding of county procurement policies and procedures.

• Interviewed key personnel regarding procurement processes.

• Obtained a listing of all purchase orders for Sheriff Department.

• Obtained a listing of all Sheriff Department personnel with delegated purchasing

authority.

• Analyzed department expenditure data for the audit period to identify instances of
split purchase orders at the $5,000 and $25,000 limitations.

Finding 6: Purchase Orders

Thirty-three of 3,347 purchase orders, totaling $5.89M, were split and circumvented low
value purchase authority limitations of $25,000 per day per vendor for expenditures
against contracted vendors. Additionally, seven of 8,902 purchase orders, totaling
$407,598, were split and circumvented low value purchase authority limitations of
$5,000 per day per vendor for expenditures against non-contracted vendors. The
Purchasing Policy Manual states, “low value purchase authority allows departmental
staff the ability to issue LVPOs up to the amount of $5,000 per day per vendor and
issues purchase orders up to the dollar value of $25,000 against existing PeopleSoft
Contracts.” The Purchasing Policy Manual further states, “attempts to split orders, where
the purpose is keeping total cost of each order down below bid limits, and failure to
combine orders when practical for the best interest of the County in order to circumvent
the limitations, is prohibited.” The splitting of purchase orders circumvents requisitions
and approving internal controls put in place to ensure compliance with county
purchasing policies and mitigates risks of inappropriate purchasing practices. The
splitting of purchase orders also circumvents the formal bid requirements designed to
ensure the best use of taxpayer dollars.

Page 18
Internal Audit Report 2022-018: Riverside County Sheriff-Coroner Department Audit

Recommendation 6.1

Develop a process to maintain compliance with purchasing authority limitations set

forth in the Riverside County Purchasing Policy Manual.

Recommendation 6.2

Ensure personnel with purchasing responsibilities are trained on the Riverside County
Purchasing Policy Manual.

Page 19